CVE-2011-3583
published 2019-11-26


Priority: P346
Severity: critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.37% (68.5th percentile)

It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.

Affected

3 ranges

Vendor      Product     Version range   Fixed in
typo3       cms         4.5.0 – 4.5.5
typo3       typo3       4.5.0 – 4.5.5
typo3_core  typo3_core

CVSS provenance

Source  Version  Score  Severity  Vector
nvd     v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd     v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P